
Recently I was assigned a task where I am supposed to optimize the login time for a Red Hat SSO service that is installed on RHEL 7.9. This service uses multiple Active Directories to validate the users' credentials. All these ADs are spread around Europe. I would like to set up some of the ADs that I already know are near my server to be queried first, but I also want to be able to query the other ones in case those that are closer are down. Could you help me with a solution? The most obvious one would be to add the preferred ones to the /etc/hosts file, but this will make it impossible to reach the other ones...

Thank you very much!

  • Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer.
    – Community Bot
    Commented Jul 19, 2022 at 10:35

1 Answer


I don't know about by location, but by address should be possible using gai.conf, assuming the application you are looking at is doing normal lookups using getaddrinfo and that it's acceptable that this prioritization affects all lookups by applications running on that same machine.

If we have for instance these records in DNS:

test.example.com.             3600    IN      AAAA    2001:db8:1::1
test.example.com.             3600    IN      AAAA    2001:db8:ffff::1
test.example.com.             3600    IN      A       192.0.2.1
test.example.com.             3600    IN      A       198.51.100.1

And if we test the getaddrinfo behavior using getent ahosts, we get something like this with the default configuration:

$ getent ahosts test.example.com
2001:db8:1::1   STREAM test.example.com
2001:db8:1::1   DGRAM
2001:db8:1::1   RAW
2001:db8:ffff::1 STREAM
2001:db8:ffff::1 DGRAM
2001:db8:ffff::1 RAW
192.0.2.1       STREAM
192.0.2.1       DGRAM
192.0.2.1       RAW
198.51.100.1    STREAM
198.51.100.1    DGRAM
198.51.100.1    RAW
$

(With the records jumping around randomly among the v6 and v4 alternatives respectively if you run the command multiple times.)

If we say that your favorite addresses are 2001:db8:ffff::1 and 198.51.100.1 (based on being closer, more reliable, or whatever) you could put something like this in gai.conf:

precedence ::ffff:198.51.100.1/128  99
precedence 2001:db8:ffff::1/128 100

And to not remove the default behavior also include:

precedence  ::1/128       50
precedence  ::/0          40
precedence  2002::/16     30
precedence ::/96          20
precedence ::ffff:0:0/96  10

Then you would get:

$ getent ahosts test.example.com
2001:db8:ffff::1 STREAM test.example.com
2001:db8:ffff::1 DGRAM
2001:db8:ffff::1 RAW
198.51.100.1    STREAM
198.51.100.1    DGRAM
198.51.100.1    RAW
2001:db8:1::1   STREAM
2001:db8:1::1   DGRAM
2001:db8:1::1   RAW
192.0.2.1       STREAM
192.0.2.1       DGRAM
192.0.2.1       RAW
$
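To see why the second getent run comes out in that order, here is a small Python model of the gai.conf precedence rule. It is an added example, not part of the original answer or of glibc: it parses the `precedence` lines suggested above, maps IPv4 candidates to their `::ffff:` form the way getaddrinfo does, picks the longest matching prefix for each candidate and sorts by the resulting value. The gai.conf text and the list of A/AAAA answers are constructed from the answer's example; `parse_precedence`, `to_v6`, `precedence_of` and `sort_by_precedence` are names chosen for this example.

```python
import ipaddress
from typing import List, Tuple

# Constructed gai.conf content: the answer's two site-specific entries on top of
# glibc's default precedence table (which must be repeated once any precedence
# line is present, otherwise the defaults are dropped).
GAI_CONF = """
# preferred addresses first
precedence ::ffff:198.51.100.1/128  99
precedence 2001:db8:ffff::1/128 100
# glibc defaults
precedence  ::1/128       50
precedence  ::/0          40
precedence  2002::/16     30
precedence ::/96          20
precedence ::ffff:0:0/96  10
"""

# Constructed candidate set: the A/AAAA records of test.example.com from the answer.
DNS_ANSWERS = ["2001:db8:1::1", "2001:db8:ffff::1", "192.0.2.1", "198.51.100.1"]


def parse_precedence(conf: str) -> List[Tuple[ipaddress.IPv6Network, int]]:
    """Return (prefix, value) pairs from 'precedence <prefix> <value>' lines.

    Comments and other keywords (label, reload, scopev4) are ignored here.
    """
    table = []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] != "precedence" or len(parts) != 3:
            continue
        table.append((ipaddress.IPv6Network(parts[1], strict=False), int(parts[2])))
    return table


def to_v6(addr: str) -> ipaddress.IPv6Address:
    """IPv4 candidates are compared as IPv4-mapped IPv6 addresses (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv4Address):
        return ipaddress.IPv6Address(f"::ffff:{ip}")
    return ip


def precedence_of(addr: ipaddress.IPv6Address,
                  table: List[Tuple[ipaddress.IPv6Network, int]]) -> int:
    """Longest-prefix match against the precedence table; 0 if nothing matches."""
    best = None
    for net, value in table:
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, value)
    return best[1] if best else 0


def sort_by_precedence(addrs: List[str],
                       table: List[Tuple[ipaddress.IPv6Network, int]]) -> List[str]:
    """Order candidates by descending precedence; ties keep resolver order (stable sort)."""
    ranked = sorted(addrs, key=lambda a: precedence_of(to_v6(a), table), reverse=True)
    return ranked


if __name__ == "__main__":
    table = parse_precedence(GAI_CONF)
    for a in sort_by_precedence(DNS_ANSWERS, table):
        print(f"{a:18} precedence={precedence_of(to_v6(a), table)}")
```

Running it prints 2001:db8:ffff::1 (100), 198.51.100.1 (99), 2001:db8:1::1 (40) and 192.0.2.1 (10), the same order as the second getent run. Two points worth keeping in mind when relying on this in production: glibc's getaddrinfo applies the full RFC 3484/6724 sorting rules, of which precedence is only one, so this model reproduces the order here but not every corner case; and sorting only decides which address is tried first, so reaching the "other" ADs when the preferred one is down still depends on the application iterating over the remaining addresses on connection failure. Since gai.conf is system-wide and changes where every process on the host connects, treat edits to it as a configuration change worth tracking.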
